From 4f015b8c624484e0c3b2d88b944163ce43a48d1f Mon Sep 17 00:00:00 2001
From: admin <weikou2014>
Date: 星期六, 27 十一月 2021 17:15:28 +0800
Subject: [PATCH] 功能完善
---
 app/src/main/java/com/yeshi/location/app/aop/SignValidate.java | 94 +++++++++++++++++++++++++++++++++++++----------
 1 files changed, 74 insertions(+), 20 deletions(-)
diff --git a/app/src/main/java/com/yeshi/location/app/aop/SignValidate.java b/app/src/main/java/com/yeshi/location/app/aop/SignValidate.java
index 5701c07..03797d9 100644
--- a/app/src/main/java/com/yeshi/location/app/aop/SignValidate.java
+++ b/app/src/main/java/com/yeshi/location/app/aop/SignValidate.java
@@ -1,14 +1,23 @@
 package com.yeshi.location.app.aop;
 import com.yeshi.location.app.entity.config.SystemConfigKey;
+import com.yeshi.location.app.service.inter.config.SystemConfigService;
+import com.yeshi.location.app.utils.ApiCodeConstant;
+import com.yeshi.location.app.utils.SystemInfoUtil;
 import com.yeshi.location.app.vo.AcceptData;
-import net.sf.json.JSONObject;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.yeshi.utils.JsonUtil;
 import org.yeshi.utils.StringUtil;
+import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import java.io.PrintWriter;
 import java.util.*;
 //瀹㈡埛绔帴鍙g鍚嶉獙璇� 
@@ -17,28 +26,73 @@
 @Order(2)
 public class SignValidate {
- private String getHttpServletParams(HttpServletRequest request) {
- if (request == null) {
- return "";
- }
- Map map = request.getParameterMap();
- if (map != null) {
- Iterator<String> its = map.keySet().iterator();
- JSONObject json = new JSONObject();
- while (its.hasNext()) {
- String next = its.next();
- if (map.get(next) != null) {
- Object[] objects = (Object[]) map.get(next);
- if (objects != null && objects.length > 0) {
- json.put(next, objects[0].toString());
- }
- }
+ public static final String EDP = "execution(* com.yeshi.location.app.controller.client..*.*(..))";
+
+ @Resource
+ private SystemConfigService systemConfigService;
+
+ @Around(EDP)
+ public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
+
+ Object[] args = joinPoint.getArgs();
+ ServletRequestAttributes servletContainer = (ServletRequestAttributes) RequestContextHolder
+ .getRequestAttributes();
+ PrintWriter out = null;//servletContainer.getResponse().getWriter();
+ AcceptData acceptData = null;
+ for (Object obj : args) {
+ if (obj instanceof AcceptData) {
+ acceptData = (AcceptData) obj;
+ break;
 }
- return json.toString();
 }
- return "";
+
+ if (acceptData != null) {
+ acceptData.setSystem(SystemInfoUtil.getSystem(acceptData.getPlatform(), acceptData.getPackages()));
+ }
+
+ boolean signIsRight = true;//signIsRight(servletContainer.getRequest(), acceptData);
+ if (!signIsRight) {
+ return (JsonUtil.loadFalseResult(ApiCodeConstant.CODE_FAIL_SIGN_ERROR, "绛惧悕閿欒"));
+ }
+
+ if (Math.abs((acceptData.getTimestamp() - System.currentTimeMillis())) > 1000 * 60 * 10) {
+ out.print(JsonUtil.loadFalseResult(ApiCodeConstant.CODE_FAIL_OUT_TIME, "鏃堕棿閿欒"));
+ return null;
+ }
+
+ return joinPoint.proceed();
 }
+ /**
+ * 鍒ゆ柇绛惧悕鐨勬纭�� Android version>50
+ *
+ * @param request
+ * @return
+ */
+ private boolean signIsRight(HttpServletRequest request, AcceptData acceptData) {
+ Map<String, String[]> map = request.getParameterMap();
+ Iterator<String> its = map.keySet().iterator();
+ List<String> list = new ArrayList<>();
-
+ while (its.hasNext()) {
+ String key = its.next();
+ if (key.equalsIgnoreCase("sign") || key.equalsIgnoreCase("callback") || key.equalsIgnoreCase("_")) {
+ continue;
+ }
+ String[] values = map.get(key);
+ list.add(key + "=" + values[0]);
+ }
+ Collections.sort(list);
+ String str = "";
+ for (String st : list) {
+ str += st + "&";
+ }
+ String key = systemConfigService.getValueCache(acceptData.getSystem(), SystemConfigKey.signKey);
+ String sign = StringUtil.Md5(str + key);
+ if (sign.equalsIgnoreCase(request.getParameter("sign") + "")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
 }
-- Gitblit v1.8.0
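Review bot: Signature validation is switched off in `around`: `boolean signIsRight = true;//signIsRight(servletContainer.getRequest(), acceptData);` hard-codes the result, so every call matched by `EDP` proceeds without a signature check and the new `signIsRight` method is never invoked; the line should read `boolean signIsRight = acceptData != null && signIsRight(servletContainer.getRequest(), acceptData);`. The timestamp branch that follows dereferences `acceptData` without the null guard used a few lines earlier and prints to `out`, which is always `null`, so a stale timestamp (or a controller method with no `AcceptData` argument) ends in a NullPointerException instead of the `CODE_FAIL_OUT_TIME` response; return the `JsonUtil.loadFalseResult(ApiCodeConstant.CODE_FAIL_OUT_TIME, …)` value directly, as the sign branch does, and drop `out`. Inside `signIsRight`, `StringUtil.Md5(str + key)` compared through `equalsIgnoreCase` is a weak keyed-hash construction with a non-constant-time comparison; an HMAC-SHA256 over the sorted parameters, checked with `MessageDigest.isEqual`, would be the safer design if clients can be updated. As far as the hunk shows, nothing ties a request to a single use, so a captured request stays valid for the whole ten-minute window unless a nonce is tracked elsewhere.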